DETAILED ACTION
Response to Amendments 

1. This Office action is responsive to the amendment filed on 25 July 2005, in which remarks/arguments are presented; none of the existing claims is amended or canceled, and no new claim is added.

Status of Claims 

2. Claims 1-18 have been examined. 

Response to Arguments 

3. Applicant's arguments, see amendment filed on 25 July 2005, with respect to the rejection(s) of claims 1-18 under Pirhonen, U.S. Patent Publication No. 2004/0039709, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Gasser et al., U.S. Patent No. 5,224,163, published on 29 June 1993.

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. §102 that form the basis 
for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or 
in public use or on sale in this country, more than one year prior to the date of application for 
patent in the United States. 

Independent claims 1, 7, 13 are rejected under 35 U.S.C. §102(b) as being anticipated by Gasser et al., U.S. Patent No. 5,224,163, published on 29 June 1993.

As per claim 1, Gasser et al. disclose a system comprising:

• a terminal capable of communicating at least one of within and across at least one network, wherein the terminal is included within an organization including a plurality of terminals, at least one terminal having at least one characteristic and being at least one of a plurality of positions within the organization (i.e., workstations named W1, W2, ... Ws, ... Wn in a distributed computer system network - see col. 2, lines 60-66, and figure 6);

• a secondary certification authority (CA) capable of providing at least one role certificate to the terminal based upon the at least one position of the terminal within the organization, wherein the organization includes a plurality of secondary CA's capable of issuing at least one role certificate to respective groups of terminals of the organization (i.e., a central certifying authority {perhaps a human resource manager} capable of providing a human "user" of a workstation with a certificate {with user being a role} by means of a smart card - col. 12, lines 43-66);

• a tertiary CA capable of providing at least one permission certificate to the terminal based upon the at least one characteristic of the terminal that is located at a position within the organization, wherein the organization includes a plurality of tertiary CA's capable of issuing at least one permission certificate to respective sub-groups of terminals of the organization (i.e., the user P's smart card SC, at the time of login to the workstation, signed a "delegation certificate D1" as a permission certificate, which authorizes/delegates to workstation W1, which in turn permits/delegates to workstation W2 via "delegation certificate D2" to speak/act for/on behalf of the user P - col. 13, lines 23-68; col. 14, lines 1-5); and

• a server capable of authenticating the terminal based upon an identity certificate, the at least one role certificate and the at least one permission certificate of the terminal to thereby determine whether to grant the terminal access to at least one resource of the server (i.e., through a chain of reasoning using both delegation certificates D1, D2, and the authentication/identity certificate, the system resource Ws can conclude that workstation W2 is indeed authorized to speak for the user P, i.e., authorized to access a file on the system resource Ws - col. 14, lines 5-18).

As per claim 7, Gasser et al. disclose a method of authenticating a terminal comprising:

• providing a terminal capable of communicating at least one of within and across at least one network, wherein the terminal is included within an organization including a plurality of terminals, at least one terminal having at least one characteristic and being at least one of a plurality of positions within the organization (i.e., workstations named W1, W2, ... Ws, ... Wn in a distributed computer system network - see col. 2, lines 60-66, and figure 6);

• providing at least one role certificate to the terminal from a secondary certification authority (CA) based upon the at least one position of the terminal within the organization, wherein the organization includes a plurality of secondary CA's capable of issuing at least one role certificate to respective groups of terminals of the organization (i.e., a human "user" of a workstation certificate {with user being a role} - col. 12, lines 43-66; or membership certificates for group G - col. 9, lines 38-60);

• providing at least one permission certificate to the terminal from a tertiary CA based upon the at least one characteristic of the terminal located at a position within the organization, wherein the organization includes a plurality of tertiary CA's capable of issuing at least one permission certificate to respective sub-groups of terminals of the organization (i.e., "delegation certificates D1, D2", by which the user P's smart card SC authorizes/delegates to workstation W1, which in turn permits/delegates to workstation W2 via "delegation certificate D2" to speak/act for/on behalf of the user P - col. 13, lines 23-68; col. 14, lines 1-5); and

• authenticating the terminal at a server based upon an identity certificate, the at least one role certificate and the at least one permission certificate of the terminal to thereby determine whether to grant the terminal access to at least one resource of the server (i.e., through a chain of reasoning using both delegation certificates D1, D2, and the authentication/identity certificate, the system resource Ws can conclude that workstation W2 is indeed authorized to speak for the user P, i.e., W2 is indeed authorized to access a file on the system resource Ws - col. 14, lines 5-18).

As per claim 13, Gasser et al. disclose a terminal included within an organization including a plurality of terminals, each terminal having at least one characteristic and being at least one of a plurality of positions within the organization, the terminal comprising:

• a controller capable of communicating at least one of within and across at least one network, wherein the controller is capable of obtaining at least one role certificate from a secondary certification authority (CA) based upon the at least one position of the terminal within the organization and at least one permission certificate from a tertiary CA based upon the at least one characteristic of the terminal that is located at a position within the organization, wherein the organization includes a plurality of secondary CA's capable of issuing at least one role certificate to respective groups of terminals of the organization, and wherein the organization includes a plurality of tertiary CA's capable of issuing at least one permission certificate to respective sub-groups of terminals of the organization (i.e., interpreted as a network controller or network card, which is inherently included in a networked computer); and

• a memory capable of storing an identity certificate, at least one role certificate and at least one permission certificate (col. 3, line 40),

wherein the controller is also capable of communicating with a server such that the server is capable of authenticating the terminal based upon the identity certificate, the at least one role certificate and the at least one permission certificate of the terminal to thereby determine whether to grant the terminal access to at least one resource of the server (understood).
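The server-side "chain of reasoning" the rejection attributes to Gasser et al. (identity certificate, role certificate from a secondary CA, delegation certificates D1 and D2 as permission certificates, and the resource Ws concluding that W2 speaks for user P) is illustrated below in Python. This is an added example, not code from the Office action or from either patent. HMAC-SHA256 keyed per principal stands in for the digital signatures on the certificates; the principal names (primary_ca, secondary_ca_hr, smartcard_P, W1, W2, Ws), the keys, the resource name and the access list are all constructed for the example, and the convention that D1 must be signed by the key named smartcard_<user> is a modelling assumption.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed signing keys for every principal in the example.  They stand in for
# the private keys behind real public-key certificates; HMAC-SHA256 is used only
# so the example runs offline with the standard library.
KEYS = {
    "primary_ca": b"key-primary-ca",         # issues identity certificates
    "secondary_ca_hr": b"key-secondary-hr",  # secondary CA: issues role certificates
    "smartcard_P": b"key-smartcard-P",       # user P's smart card SC: signs D1
    "W1": b"key-W1",                         # workstation W1: signs D2
    "W2": b"key-W2",                         # workstation W2: the requesting terminal
}
TRUSTED_IDENTITY_CAS = {"primary_ca"}
TRUSTED_ROLE_CAS = {"secondary_ca_hr"}

# Constructed access list of system resource Ws: role -> file it may read.
RESOURCE = "Ws:/reports/q3.txt"
ACL = {RESOURCE: {"analyst"}}


@dataclass(frozen=True)
class Cert:
    kind: str      # "identity", "role" or "delegation"
    issuer: str    # principal whose key signed the certificate
    subject: str   # principal the certificate is about
    body: dict     # kind-specific statements (role name, speaks_for, resource)
    sig: bytes


def _payload(kind, issuer, subject, body):
    return json.dumps([kind, issuer, subject, body], sort_keys=True).encode()


def issue(kind, issuer, subject, body):
    """Create a certificate signed with the issuer's key."""
    sig = hmac.new(KEYS[issuer], _payload(kind, issuer, subject, body), hashlib.sha256).digest()
    return Cert(kind, issuer, subject, body, sig)


def signature_valid(cert):
    """Verify against the key of the *claimed* issuer, so a forged issuer name fails."""
    key = KEYS.get(cert.issuer)
    if key is None:
        return False
    expected = hmac.new(key, _payload(cert.kind, cert.issuer, cert.subject, cert.body),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.sig)


def authorize(terminal, resource, identity, role, delegations):
    """Resource-side chain of reasoning.  Returns (granted, trace)."""
    trace = []
    # 1. Identity certificate: who the user is, from a trusted primary CA.
    if (identity.kind != "identity" or identity.issuer not in TRUSTED_IDENTITY_CAS
            or not signature_valid(identity)):
        return False, trace + ["identity certificate rejected"]
    user = identity.subject
    trace.append(f"{identity.issuer} certifies identity of {user}")

    # 2. Role certificate: the user's position in the organization, from a secondary CA.
    if (role.kind != "role" or role.issuer not in TRUSTED_ROLE_CAS
            or role.subject != user or not signature_valid(role)):
        return False, trace + ["role certificate rejected"]
    trace.append(f"{role.issuer} certifies {user} holds role {role.body['role']}")

    # 3. Delegation chain: D1 must be signed by the user's own smart card, every later
    #    link by the previous delegate, and the last link must name the requesting terminal.
    expected_signer = f"smartcard_{user}"  # modelling assumption for the smart-card key
    for i, d in enumerate(delegations, start=1):
        if (d.kind != "delegation" or d.issuer != expected_signer
                or d.body.get("speaks_for") != user or d.body.get("resource") != resource
                or not signature_valid(d)):
            return False, trace + [f"delegation certificate D{i} rejected"]
        trace.append(f"D{i}: {d.issuer} delegates to {d.subject} the right to speak for {user}")
        expected_signer = d.subject
    if expected_signer != terminal:
        return False, trace + [f"delegation chain ends at {expected_signer}, not {terminal}"]
    trace.append(f"conclusion: {terminal} speaks for {user}")

    # 4. Access decision: the user's role must be on the resource's access list.
    if role.body["role"] not in ACL.get(resource, set()):
        return False, trace + [f"role {role.body['role']} not permitted on {resource}"]
    trace.append(f"access to {resource} granted")
    return True, trace


def example_chain():
    """Constructed certificates for the login scenario: SC -> W1 (D1), W1 -> W2 (D2)."""
    identity = issue("identity", "primary_ca", "P", {})
    role = issue("role", "secondary_ca_hr", "P", {"role": "analyst"})
    d1 = issue("delegation", "smartcard_P", "W1", {"speaks_for": "P", "resource": RESOURCE})
    d2 = issue("delegation", "W1", "W2", {"speaks_for": "P", "resource": RESOURCE})
    return identity, role, [d1, d2]


if __name__ == "__main__":
    ident, rl, chain = example_chain()
    granted, steps = authorize("W2", RESOURCE, ident, rl, chain)
    print("granted" if granted else "denied")
    print("\n".join(steps))
```

The verifier checks each link against the key of the principal the link claims as issuer, so a delegation certificate that W2 asserts about itself, a certificate whose body was changed after signing, or a role not on the access list each stops the chain with a trace entry saying where it broke.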

5. All other dependent claims have been addressed before and remain rejected. 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
• Reliance server for electronic transaction system, Asay et al., U.S. Patent 5,903,882, published on 11 May 1999.

7. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to NANCY LOAN T. LE whose telephone number is (571) 272-7066. The examiner can 
normally be reached on Monday-Thursday, 7am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
JAMES P. TRAMMELL can be reached on (571) 272-6712. For official/regular communication, the fax 
number for the organization where this application or proceeding is assigned is (571) 273-8300. For 
informal/draft communication, the fax number is (571) 273-7066 (rightfax). 
8. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

9. Any response to this action should be mailed to:

Commissioner of Patents and Trademarks
P.O. Box 1450
Alexandria, VA 22313-1450

10. Hand delivered responses should be brought to:

United States Patent and Trademark Office
Customer Service Window
Randolph Building
401 Dulany Street
Alexandria, VA 22314

NL
03 October 2005